Vulmon
html injection vulnerabilities and exploits
6.5
CVSSv2
CVE-2022-0661
The Ad Injection WordPress plugin up to and including 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cro...
Ad Injection Project Ad Injection
7.5
CVSSv2
CVE-2017-5677
PEAR HTML_AJAX 0.3.0 up to and including 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
Pear Html Ajax 0.5.6
Pear Html Ajax 0.5.4
Pear Html Ajax 0.3.4
Pear Html Ajax 0.3.2
Pear Html Ajax 0.5.3
Pear Html Ajax 0.5.2
Pear Html Ajax 0.5.1
Pear Html Ajax 0.5.0
Pear Html Ajax 0.4.1
Pear Html Ajax 0.3.1
Pear Html Ajax 0.3.0
Pear Html Ajax 0.5.7
Pear Html Ajax 0.5.5
Pear Html Ajax 0.4.0
Pear Html Ajax 0.3.3
7.5
CVSSv2
CVE-2010-4609
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote malicious users to execute arbitrary SQL commands via the nuser parameter in a registrate action.
Html-edit Html-edit Cms 3.1.8
1 EDB exploit
7.5
CVSSv2
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_Q...
Html Quickform Project Html Quickform 3.2.14
Civicrm Civicrm 5.3.0
Civicrm Civicrm
NA
CVE-2022-3689
The HTML Forms WordPress plugin prior to 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users.
Ibericode Html Forms
NA
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successfull...
Codemiq Wp Html Mail
NA
CVE-2019-25148
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated malicious users to inject arbitrary HTML in pages that execute if they can successful...
Codemiq Wp Html Mail
4.3
CVSSv2
CVE-2006-0735
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and previous versions, as used in products such as My Blog prior to 1.65, allows remote malicious users to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
Fuzzymonkey My Blog 1.31
Fuzzymonkey My Blog 1.4
Fuzzymonkey My Blog 1.63
Fuzzymonkey My Blog 1.64
Fuzzymonkey My Blog 1.23
Fuzzymonkey My Blog 1.3
Fuzzymonkey My Blog 1.61
Fuzzymonkey My Blog 1.62
Fuzzymonkey My Blog 1.21
Fuzzymonkey My Blog 1.22
Fuzzymonkey My Blog 1.52
Fuzzymonkey My Blog 1.6
Fuzzymonkey My Blog 1.0
Fuzzymonkey My Blog 1.2
Fuzzymonkey My Blog 1.5
Fuzzymonkey My Blog 1.51
M Blom Html-bbcode 1.03
M Blom Html-bbcode 1.04
1 EDB exploit
4.3
CVSSv2
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
4.3
CVSSv2
CVE-2019-10226
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a ...
Fatfreecrm Fat Free Crm 0.19.0
1 EDB exploit